Feature Modeling and Dimensionality Reduction to Improve ML-Based DDOS Detection Systems in SDN Environment
Mohamed Ali Setitra, Ilyas Benkhaddra, Zine El Abidine Bensalem, Mingyu Fan
2022 19th International Computer Conference on Wavelet Active Media Technology and Information Processing (ICCWAMTIP), published 2022-12-16
DOI: https://doi.org/10.1109/ICCWAMTIP56608.2022.10016507
Citations: 1
Abstract
Distributed Denial of Service (DDoS) attacks are one of the most significant challenges in network security, especially in the Software-Defined Network (SDN) environment, due to the centralized network management provided by the Control Plane. Because traditional detection approaches are insufficient against the growth and sophistication of DDoS attacks, Machine Learning (ML) techniques are in high demand. Feature modeling, especially in the pre-processing phase, is essential to obtaining an effective ML-based DDoS detection system. In this paper, we proposed and implemented a pre-processing model based on an in-depth study of the dataset, going so far as to increase the number of features for a better representation and, if necessary, to minimize the data dimension by exploring dimensionality reduction techniques such as Principal Component Analysis (PCA) or t-distributed Stochastic Neighbor Embedding (t-SNE). Moreover, to keep the work grounded in SDN environments, as specified in the above-cited challenge, we chose to implement our proposed model using an open-source SDN dataset created specifically in an SDN environment. Then, the statistical characteristics of these correlations are analyzed. In addition, eight ML techniques, spanning supervised and unsupervised models, were used in our work to detect DDoS attacks. Finally, we compared our proposed model with other existing approaches. The outcome showed that detection reliability is improved and that the method performs well at detecting DDoS attacks compared with other methods.